Federal Deposit Insurance Corporation
Office of Inspector General
Washington, D.C. 20434

DATE: March 27, 2003

TO: Michael J. Zamorski, Director, Division of Supervision and Consumer Protection

FROM: Russell A. Rau [Electronically produced version; original signed by Russell A. Rau ], Assistant Inspector General for Audits

SUBJECT: The Division of Supervision and Consumer Protection’s Examination of Transactions With Affiliates (Evaluation Report No. 03-025)

This report presents the results of our evaluation of the Division of Supervision and Consumer Protection’s (DSC) examination of Federal Deposit Insurance Corporation (FDIC)-supervised financial institution affiliate transactions. (Note: The Division of Supervision and Consumer Protection resulted from the June 30, 2002 merger of FDIC’s Division of Supervision (DOS) and Division of Compliance and Consumer Affairs (DCA). Section 2(k) of The Bank Holding Company Act of 1956 defines the term "affiliate" as any company that controls, is controlled by, or is under common control with another company. Section 3(w) of The Federal Deposit Insurance Act provides that the term "affiliate" has the meaning given to such term in section 2(k) of The Bank Holding Company Act of 1956.) Affiliates can include bank holding companies, subsidiaries of the holding companies, and bank or financial subsidiaries of financial institutions. A bank’s relationships and transactions with its affiliated organizations can significantly affect the operations and overall financial condition of a financial institution. In this regard, the FDIC has been granted authority, under Section 10(b)(4) of the Federal Deposit Insurance Act (FDI Act), to examine affiliates, under certain conditions, to disclose the relationship between the financial institution and any such affiliate and the effect of the relationship on the bank. In addition, as part of the safety and soundness examination of a bank, in situations where affiliated organizations are identified, DSC examiners determine whether a bank’s transactions with its affiliates are in regulatory compliance and not detrimental to the safety and soundness of the financial institution. The importance of ensuring that a sound financial and managerial relationship exists between a financial institution and its affiliated organizations can be further demonstrated by the fact that material loss reviews and other reviews of several bank failures in recent years have identified concerns related to the failed financial institutions’ relationships and transactions with their respective affiliates. (Note: A material loss review is a legislatively mandated assessment of the causes for material losses to deposit insurance funds sustained as a result of a failure of an FDIC-insured financial institution. As an example, in its February 6, 2002 audit report entitled, Issues Related to the Failure of Superior Bank, FSB, Hinsdale Illinois, the FDIC OIG concluded that the primary federal regulator did not adequately monitor the transactions between Superior Bank and its holding companies and affiliates. In addition, Superior’s dividend payments to its holding company had a detrimental effect on the bank’s capital.)

The overall objective of our evaluation was to review DSC’s efforts to identify affiliates of FDIC-supervised institutions and examine transactions with such affiliates. In accomplishing our objective, we reviewed the following areas.

1. The manner in which DSC examiners identify and assess the risks associated with affiliates and affiliate transactions in determining the examination procedures applied to this activity during safety and soundness examinations.
   
   
2. The adequacy of examination procedures actually applied to affiliate activities.

In reviewing these two areas, we addressed the role of the DSC case manager in identifying and monitoring FDIC-supervised institution affiliates and affiliate transactions.

Details of our overall objective, sub-objectives, scope, and methodology are included as Appendix I of this report. Appendix II contains a list of acronyms and abbreviations used in this report.

Sections 23A and 23B of the Federal Reserve Act (FR Act), as applied by federal banking agencies under various federal banking statutes, serve as the primary framework that governs the extent of affiliation of banks and other business organizations. The federal banking statutes that apply to the FDIC in this regard include the Banking Act of 1933, the Bank Holding Company Act of 1956 (BHC Act), and the FDI Act of 1950. Section 18(j) of the FDI Act extended the provisions of Sections 23A and 23B of the FR Act to state non-member banks, which are regulated by the FDIC.

The term "affiliate" was initially defined in section 2(b) of the Banking Act of 1933 as any corporation, business trust, association, or similar organization that comes within one or more of four categories.

1. Subsidiary of a bank;
2. Common shareholder affiliate;
3. Common directors affiliate; and
4. Holding or controlling affiliates.

Section 2(k) of the BHC Act defines an "affiliate" as any company that controls, is controlled by, or is under common control with another company. The FDI Act cites the same definition for "affiliate" as the BHC Act. Section 23A of the FR Act provides a definition of "affiliate" that includes four major types.

1. Parent holding company and its subsidiaries;
2. Bank subsidiaries of a bank;
3. Companies interlocked with a banking organization; and
4. Sponsored and advised affiliates (on a contractual basis by a bank or by any of the bank’s subsidiaries or affiliates).

The Gramm-Leach-Bliley Act of 1999 (GLBA) impacts the types of financial activities that banks and their affiliates can conduct. The GLBA expanded the definition of affiliate to include financial subsidiaries of banks. A financial subsidiary is defined in the GLBA as a bank operating subsidiary engaged in some of the new financial activities permitted for financial holding companies and their affiliates, such as offering securities and insurance products. The GLBA also provides for the functional regulation of securities and insurance activities. Accordingly, banking activities are to be regulated by bank regulators, securities activities by securities regulators, and insurance activities by state insurance departments.

Appendix III is an excerpt from DSC’s Manual of Examination Policies, Section 4.3, Related Organizations, that includes a detailed description of the four major types of affiliates defined in Section 23A of the FR Act.

Under section 2 of the BHC Act, a "bank holding company" is defined to include any corporation, partnership, business trust, association, or similar organizations, or any long-term trust that has control over any bank or over any bank holding company. A company controls a bank if it owns, controls, or has the power to vote 25 percent or more of the voting stock of a bank, controls the election of a majority of the bank’s directors, or exercises a controlling influence over the bank’s management or policies. The Federal Reserve Board (FRB) is responsible for inspecting all bank holding companies and their nonbank subsidiaries, and the designated federal regulator is responsible for supervising the financial institution(s) controlled by the bank holding company and any nonbank subsidiaries of the financial institution(s).

The FDIC is responsible for regulating state nonmember banks that are part of a bank holding company structure. A bank holding company structure allows the nonbank subsidiaries to engage in a variety of activities unrelated to the traditional deposit taking and lending functions of a bank. The FRB authorized various types of nonbank activities, including mortgage origination, leasing, and electronic data processing, that are permissible activities for nonbank subsidiaries of bank holding companies.

The passage of the GLBA significantly expanded the powers of bank subsidiaries and bank holding companies to engage in activities that are "financial in nature," including offering insurance and securities products. This Act authorizes the organization of a "financial holding company" under section 4 of the BHC Act. An existing bank holding company may become a financial holding company by notifying the FRB of its election to do so.

The FRB collects organizational and financial data from bank holding companies and requires that some information be provided on FRB reporting forms. Reports include:

• FR Y-3, Application for Prior Approval to Become a Bank Holding Company, or for a Bank Holding Company to Acquire an Additional Bank or Bank Holding Company,
• FR Y-6, Annual Report of Bank Holding Companies,
• FR Y-8, The Bank Holding Company Report of Insured Depository Institutions’ Section 23A Transactions with Affiliates, and
• FR Y-9C, Consolidated Financial Statements for Bank Holding Companies.

Under the BHC Act, bank holding companies are required to register and file annual reports with the FRB. The FR Y-6 Report is filed by all top-tier bank holding companies and consists of the requirement to submit Securities and Exchange Commission (SEC) form 10-K if the bank holding company is registered with the SEC or an annual report if one is created and sent to shareholders. The FR Y-6 Report also requires the submission of an organizational chart and includes information on the identity, percentage ownership, and business interests of principal shareholders, directors, and executive officers.

The FR Y-8 Report is a quarterly report filed by all top-tier bank holding companies and collects information on transactions between an insured depository institution and its affiliates that are subject to Section 23A of the FR Act. A separate FR Y-8 Report should be filed for each insured depository institution and submitted to the appropriate Federal Reserve Bank. (Note: The 12 Federal Reserve Banks are located in Boston, MA; New York, NY; Philadelphia, PA; Cleveland, OH; Richmond, VA; Atlanta, GA; Chicago, IL; St. Louis, MO; Minneapolis, MN; Kansas City, MO; Dallas, TX; and San Francisco, CA.)

The relationship of a bank with its affiliated organizations is important to an analysis of the condition of the bank itself. Due to the commonality of ownership or management between financial institutions and affiliated organizations, transactions with affiliates may not be subject to the same sort of objective analysis that exists in transactions between independent parties.

Section 23A of the FR Act is the primary statute governing transactions between a financial institution and its affiliates and is designed to prevent the misuse of a bank’s resources stemming from transactions with its affiliates. Section 23A regulates loans or extensions of credit to affiliated organizations and investments in affiliates by restricting the amount of loans, extensions of credit, and investments, and requiring that the loans or extensions of credit meet certain collateral standards. (Note: Section 23A limits the aggregate of all covered transactions between a bank and (1) a particular affiliate to 10 percent of the bank’s capital stock and surplus and (2) all of its affiliates to 20 percent of the bank’s capital stock and surplus.)

The FR Act defines five types of covered transactions.

1. A loan or extension of credit to an affiliate;
2. A purchase of or an investment in securities issued by an affiliate;
3. A purchase of assets, including assets subject to an agreement to repurchase from the affiliate;
4. The acceptance of securities issued by an affiliate as collateral for any loan; and
5. The issuance of a guarantee, acceptance, or letter of credit on behalf of an affiliate.

If a transaction between a bank and an affiliate cannot be determined to be within one of the five categories mentioned above, it is not a covered transaction for the purposes of Section 23A of the FR Act and is not subject to its limitations. For example, dividends or fees paid by a bank to its parent holding company are not covered transactions under Section 23A.

The FR Act also contains two other provisions related to covered and exempted transactions. First, a bank may not purchase any "low quality asset" from an affiliate in any amount unless, pursuant to an independent credit evaluation, the bank had committed itself to purchase such asset prior to the time such asset was acquired by the affiliate. (Note: A "low quality asset" is defined as: (1) an asset which was classified as "substandard", "doubtful", or "loss", or treated as "other loans especially mentioned" in the most recent Report of Examination (ROE) or inspection of an affiliate prepared by either a state or federal supervisory agency; (2) an asset in a nonaccrual status because of deteriorating credit quality and/or past due status; (3) an asset on which principal or interest payments are more than 30 days past due; and (4) an asset whose terms have been renegotiated or compromised due to the deteriorating financial condition of the obligor.) The second provision requires that any covered transaction between a bank and an affiliate must be on terms and conditions that are consistent with safe and sound banking practices.

Section 23B of the FR Act applies to insured nonmember banks through section 18(j) of the FDI Act. Section 23B essentially imposes the following four additional restrictions.

1. A requirement that the terms of affiliate transactions be comparable to terms of similar non-affiliate transactions;
2. A restriction on the extent that a bank may, as a fiduciary, purchase securities and other assets from an affiliate;
3. A restriction on the purchase of securities where an affiliate is the principal underwriter; and
4. A prohibition on agreements and advertising providing or suggesting that a bank is responsible for the obligations of its affiliates.

Violations of Section 23B by state nonmember banks are subject to the civil money penalties of subsection (3)(A) of section 18(j) of the FDI Act.

The FDIC shares supervisory and regulatory responsibility for FDIC-insured institutions with other regulatory agencies, including the FRB, the Office of the Comptroller of the Currency, the Officer of Thrift Supervision, and the state authorities. (Note: The terms "FDIC-insured institution" and "insured depository institution" refer to all banks and savings associations insured by the FDIC. The term "FDIC-supervised institution" refers to those banks for which the FDIC is the primary federal regulator, i.e., FDIC-insured state-chartered commercial banks that are not members of the Federal Reserve System, state-licensed insured branches of foreign banks, and state-chartered savings banks.) In addition to its role as insurer, the FDIC is the primary regulator of federally insured state-chartered banks that are not members of the Federal Reserve System.

As insurer, the FDIC is concerned with safety and soundness of all insured institutions. The FDIC’s role is to protect depositors in the nation’s insured depository institutions, help maintain confidence in the banking industry, and promote safe and sound banking practices. Bank supervision is a primary tool that the FDIC uses to fulfill this role, and DSC carries out this supervisory role through its on-site examinations and off-site monitoring of banks between examinations.

The most comprehensive examination is the on-site, full-scope safety and soundness examination. The examination process can help prevent problem situations from remaining uncorrected and deteriorating to the point where costly financial assistance by the FDIC, or even paying insured depositors directly, becomes unavoidable. Bank examinations provide the examiner with an understanding of the nature, relative seriousness, and ultimate cause of a bank’s problems, as well as a factual foundation on which to soundly base corrective measures, recommendations, and instructions.

After completing a full-scope examination, the DSC examiner uses a uniform rating system to assign a numeric rating to reflect the assessment of the bank’s financial condition, compliance with laws and regulations, and overall operating soundness. The FDIC’s rating of six elements -- Capital adequacy, Asset quality, Management performance, Earnings, Liquidity, and Sensitivity to market risk -- is referred to as the CAMELS rating. The FDIC assigns an overall composite rating that takes into account these six elements and other factors regarding the bank’s overall financial condition and the safety and soundness of its operations. CAMELS component and composite ratings range from 1 to 5, with a 5 rating representing the most critically deficient level of performance.

The preparation of examination workpapers is an important part of documenting the examination process and supporting examination conclusions. DSC’s Regional Directors Memorandum entitled, Guidelines for Examination Workpapers and Discretionary Use of Examination Documentation Modules, dated September 25, 2001, Transmittal Number 2001-039 (RDM 2001-39), provides guidance for examiners to document the results of examinations either through the use of Examination Documentation (ED) Modules or a combination of brief summaries, bank source documents, and ROE comments. The FDIC and the FRB developed the ED Modules to provide examiners with a tool to focus on risk management and to establish an appropriate examination scope. The ED Modules incorporate questions and points of consideration into examination procedures to specifically address a bank’s risk management strategies for each of its major business activities. At the time that the examinations in our review were performed, there were 10 Primary modules, 11 Supplemental modules, and 18 Specialty modules for examiners to use in their examinations. (Note: The Primary ED Modules are: (1) Risk Scoping Activities; (2) Capital Adequacy Analysis; (3) Loan Portfolio Management and Review, General; (4) Securities and Derivatives Examination Procedures; (5) Other Assets and Liabilities; (6) Management and Internal Control Evaluation; (7) Earnings Analysis; (8) Liquidity Analysis; (9) Rate Sensitivity; and (10) Anti-Money Laundering/Bank Secrecy Act.) One of the Supplemental modules, entitled Related Organizations, dated October 2000, includes procedures pertaining to affiliates and affiliate transactions. Appendix IV of this report includes the Related Organizations ED Module in its entirety.

DSC's Internal Control and Review Section (ICRS) is responsible for developing, implementing, overseeing, and coordinating the division's internal risk management activities. One of ICRS's activities is to provide reasonable assurance, through internal reviews of the regional offices, that the DSC examination and supervision program operates effectively and efficiently and in accordance with corporate and divisional policies. ICRS established a Regional Office Review Program to ensure substantive compliance with policies and procedures and quality of the examination reports. ICRS reviews each regional office every 2 years. The regional review program is structured in a checklist format. Among the many items that the ICRS reviewer checks is whether the Pre-Examination Planning (PEP) memorandum clearly documents targeted risk areas and low-risk areas where greater-or-less-than-normal examination resources will be devoted. The ICRS reviewer also determines whether the field office reviews included a review of examination workpapers for support of information contained in the ROE. The Dallas Regional Office (DRO) has a workpaper review form, a checklist, to assist in its field office reviews to determine the overall quality of field office examination workpapers. The reviewer is reminded to check whether the PEP memorandum discusses areas of emphasis or procedures that can be eliminated. The reviewer also is reminded to check whether the examination workpapers contain summary statements that support conclusions for each CAMELS component and provide an audit trail of examination findings.

The FDIC implemented its Case Manager Program in April 1997. The primary goal of the Case Manager Program is to significantly enhance risk assessment and supervision activities by assigning responsibility and accountability for a caseload of institutions or companies to one individual, the case manager, regardless of charter and location, and by encouraging a more proactive, but non-intrusive, coordinated supervisory approach. Another goal of the Case Manager Program is to promote better communication and coordination among the FDIC, other regulators, and the banking industry so that a consistent regulatory voice is presented, while minimizing regulatory burden to the extent possible. The emphasis of the program is to ensure that the level of regulatory oversight afforded to a financial institution is commensurate with the level of risk it poses to the deposit insurance funds. Case managers, in conjunction with senior DSC management, coordinate and direct DSC’s supervisory examination program using a top-down approach to develop strategies and examination activities for all insured depository institutions in their caseloads. The primary responsibilities of the case managers involve assessing risk to the deposit insurance fund and directing the appropriate supervisory efforts to eliminate or manage such risk. In this regard, case managers must maintain an informed position on their caseloads, including monitoring affiliates and related transactions for the financial institutions in their caseloads.

Overall, DSC’s efforts to identify affiliates of FDIC-supervised institutions and examine transactions with such affiliates were generally adequate. DSC examiners identify and assess the risks associated with affiliates and affiliate transactions on an individual institution basis during the course of a safety and soundness examination of each financial institution rather than DSC maintaining aggregate information on how many of nearly 4,900 FDIC-supervised financial institutions have affiliate relationships. DSC examiners rely on information requested of and provided by the financial institution and, in some cases, the FRB, to identify affiliates and affiliate transactions, assess the risks associated with affiliates and affiliate transactions, and establish an appropriate examination scope for affiliate activities. Further, DSC case managers play a key role in helping examiners identify affiliates in FDIC-supervised financial institutions through the case manager’s communications with bank management and reviews of FRB holding company inspection reports. However, DSC examiners are not always requesting a list of affiliate transactions that have occurred since the prior examination or FRB reports regarding affiliate transactions and bank organizational structure. As a result, DSC is not obtaining information that could provide greater assurance that examiners have identified all affiliate activities before an examination is conducted and properly planned examination coverage to address the associated risks. (See FINDING A: DSC’S IDENTIFICATION AND RISK ASSESSMENT OF AFFILIATES AND AFFILIATE TRANSACTIONS.)

Concerning the adequacy of the examination procedures that examiners applied in reviewing affiliate transactions, DSC examination workpapers for 17 of the 21 financial institution examinations we reviewed contained sufficient information in the form of the ED Module procedures or summary statements to identify the procedures used, and the examiners’ methodology in these instances appeared reasonable. However, for four examinations, we could not conclude on the adequacy of the examination procedures applied to the financial institutions’ affiliate activities because the examination procedures were not documented in the examination workpapers. DSC policies stipulate that examination documentation should provide written support for the examination and verification procedures performed, conclusions reached, and narrative comments in the ROE. As a result, in these four instances, we could not determine what procedures the examiners used to review affiliate transactions, although affiliate activity was reflected in the ROEs. (See FINDING B: DSC’S EXAMINATION PROCEDURES FOR REVIEWING AFFILIATE TRANSACTIONS.)

While DSC’s approach for identifying affiliates and affiliate transactions is reasonable, we are recommending that examiners request additional information from the financial institutions in the form of affiliate transactions that have taken place since the prior safety and soundness examination, and become aware of FRB reports on affiliate transactions and bank holding company structure. Further, we are recommending that DSC ensure examiner compliance with documentation guidelines for reviewing affiliate activity through its internal review process.

While DSC’s approach to identifying affiliates and affiliate transactions is reasonable, examiners could request and obtain additional information on affiliate activity during pre-examination planning. DSC examiners collect affiliate information and assess the associated risks on an institution-by-institution basis as part of the safety and soundness examinations of the individual banks. In preparation for their examinations, examiners send information request lists, including a request for data related to affiliates and affiliate transactions, if applicable, to bank management. However, examiners are not always requesting a list of affiliate transactions that have occurred since the prior examination or FRB reports regarding affiliate transactions and bank holding company structure and ownership. Such information would serve as additional resources for examiners to use in reviewing and determining that transactions between banks and their affiliates comply with the provisions of applicable laws and ensuring the transactions are not detrimental to the safety and soundness of the financial institutions. In the absence of this information, examiners could be missing an opportunity to gain greater assurance that they have identified all affiliate activities before an examination is conducted and properly planned examination coverage to address the associated risks.

DSC issued a Regional Directors Memorandum entitled, Revised Pre-examination Planning Memoranda, dated September 12, 2001, Transmittal Number 2001-037 (RDM 2001-037), that revised the PEP process in response to the DSC Process Redesign recommendation to streamline the process and make it more efficient. Some of the revised provisions include preparing PEP memoranda comments on an "exception only" basis, according to areas of higher-than-normal or lower-than-normal perceived risk; promoting uniformity in both the format and content of the regions’ PEP memoranda; and briefly summarizing significant topics discussed with bank management prior to the start of the examination. In addition, RDM 2001-039 includes guidelines for retaining documentation support in the examination workpapers and mentions pre-planning documents such as the bank entry letter data and examination task checklist items such as the Officer’s Questionnaire.

According to the FDIC’s Case Managers Procedures Manual, a case manager’s primary responsibility involves assessing risk to the deposit insurance fund and directing the appropriate supervisory efforts to eliminate or manage such risk. The principal duties and responsibilities of case managers include directing supervisory strategies, communicating and responding to bank management, and reviewing and processing reports of examination. RDM 2001-037 includes a responsibility for case managers to become actively involved in the pre-examination planning process by discussing examination issues with the examiners and relaying relevant information to the examiners regarding case managers’ interactions with financial institutions and other regulators. RDM 2001-037 also states that the case manager can serve as a resource for the examiner during and after the safety and soundness examination.

DSC does not have a database that tracks aggregate information on affiliates and respective transactions for nearly 4,900 FDIC-supervised banks. We asked the EICs, operations managers from the examination teams, and case managers if they thought there was a need for a database that would track this information. Most of the individuals we interviewed told us that this type of database would not be beneficial to DSC’s management or add value to the examination process. Some of the reasons the interviewees cited for not needing a database to track affiliates are:

• Information related to affiliates is collected and readily available on an institution-by-institution basis in examination workpapers and files.
• Aggregate information on affiliates and affiliate transactions is not necessarily meaningful because there is no need to determine trends or patterns within the financial regulatory industry regarding the number of affiliates and related transactions in financial institutions.
• This type of database would require frequent updates.
• There is no real common interest among banks in relation to affiliates. Each bank has its individual set of circumstances regarding affiliates and affiliate transactions.

FDIC statistics on banking show that, as of September 30, 2002, there were 4,864 FDIC-supervised financial institutions having total assets of nearly $1.3 trillion. Of the nearly 4,900 FDIC-supervised financial institutions, 15 percent (746 banks) had assets greater than $250 million with aggregate assets of nearly $923 billion (74 percent of the nearly $1.3 trillion in total assets). To determine the level of affiliates activity in the large banks, we selected 24 banks with assets greater than $250 million, as of December 31, 2001, for our review and found that DSC examiners identified affiliates in the ROEs for all but one bank that was a family-owned financial institution. Most of the affiliate relationships are bank holding companies and several are one-bank holding companies. Five of the 24 banks are Industrial Loan Corporations (ILC) with parent bank holding companies that are not regulated by the FRB. (Note: An ILC is a depository charter that can be owned by a non-bank, is eligible for FDIC insurance, and is excepted from the definition of a "bank" set forth in the Bank Holding Company Act of 1956. However, ILCs are subject to Sections 23A and 23B of the Federal Reserve Act regarding affiliate transactions.) (Table 3 in Appendix I provides additional detail on our audit sample.)

DSC examiners rely on information provided by the financial institutions or the FRB to identify affiliates, for purposes of safety and soundness examinations. Examiners request affiliate information from the financial institutions prior to the onsite examination and supplement this information with data from the FRB. The EICs we interviewed told us they typically determine the existence of affiliate relationships in the banks they examine through various means, including:

• Requesting the information from the bank through the safety and soundness request package submitted to bank management prior to the onsite examination. (Note: In the letter to bank management announcing the safety and soundness examination, EICs submit information request lists to be assembled for offsite and onsite reviews. EICs refer to this letter as the "First Day Letter.")
• Holding a pre-planning meeting with bank management.
• Reviewing the Officer’s Questionnaire. (Note: The Officer’s Questionnaire contains 15 questions pertaining to areas such as extensions of credit to bank officials, assets owned by the bank but not shown on its accounting records, and pending lawsuits. The Officer’s Questionnaire is an official document that must be signed and certified by a high ranking official of the bank, such as the Chief Executive Officer.)
• Reviewing the financial statements of the bank’s holding company.
• Reading previous ROEs.
• Reviewing other documents such as the bank’s annual report, SEC filings 10K and 10Q, internal and external audit reports, and FRB bank holding company inspection reports.

In our interviews with case managers, we discussed how the case manager perceives what his or her role is in identifying affiliates and affiliate transactions, and the case manager’s role in monitoring affiliates and affiliate transactions. Case managers told us they generally rely on the examiners to identify affiliates and affiliate transactions during the pre-examination planning phase of the safety and soundness examination and while conducting the actual onsite examination. Through their communications with the financial institutions, processing of bank applications, and reviews of FRB reports, case managers acquire information about the financial institutions in their caseloads. In situations where the case manager has obtained information about a bank’s affiliates and related activities, the case manager communicates this information to the examiners. One of the case managers is currently involved in processing requests for approval of affiliate transactions for one of the banks in the case manager’s caseload. In this instance, the financial institution is required to obtain FDIC approval of dividend payments and transactions with affiliates as a result of violations identified in prior years’ examinations.

Case managers mentioned numerous ways through which they monitor affiliate activities for the financial institutions in their caseloads.

• Case managers receive regular and specific correspondence from the FRB regarding bank holding companies.
• Case managers learn about organizational changes through the financial institutions’ applications to the FDIC for mergers and acquisitions as well as other changes in control.
• Case managers review press releases, E-clips, and news articles. For problem banks under enforcement actions, case managers receive reports from the banks on a regular basis informing the FDIC of the status of corrective actions.
• Case managers make outreach calls to the bank, during which the case manager will discuss, among other issues, plans for new ownership or possible changes in bank management.
• Offsite monitoring.

Some case managers mentioned their ongoing communications and correspondence with the financial institutions. One case manager told us that when a good relationship is developed between the case manager and the financial institution, bank officials are more willing to contact the case managers with inquiries and will voluntarily provide information. One of the case managers we interviewed participated in the FDIC’s onsite examination of the largest bank in the case manager’s portfolio.

Examiners use the information obtained from the financial institutions, the FRB, and case managers in their pre-planning activities to determine, among other things, the level of risk associated with the banks’ affiliated relationships in order to assess the amount of work to be performed during the safety and soundness examination. RDM 2001-037 stipulates that targeted risk areas are areas with more than normal risk, to which the examiner intends to devote additional or "above normal" examination resources. These targeted risk areas may include CAMELS components or specialty areas, such as related organizations. For areas of moderate or "normal" risk, examiners perform standard examination procedures. RDM 2001-037 states that if not specifically mentioned in the PEP memorandum, the examiners are not expected to complete supplemental ED Modules, such as the Related Organizations ED Module, but adds that the PEP memorandum should indicate when it is anticipated the ED Modules will be used during the examination.

The EICs included a discussion of affiliates in the PEP memoranda for 21 of the 24 examinations we reviewed. For example, in one of the PEP memoranda the EIC included a section dealing with affiliate relationships and specific items to be reviewed during the examination, such as servicing agreements between the banks and its affiliates as well as any high risk practices imposed on the bank as a result of affiliate relationships or servicing agreements. For the three examinations in which the examiners did not target affiliates work in the PEP memoranda, two banks had a CAMELS rating of "1" and the third bank was a family-owned business with no affiliates.

Examiners identify affiliate transactions through various means, including responses to the Officer’s Questionnaires, safety and soundness examination request packages, and FRB reports.

Officer’s Questionnaire: One way that examiners determine the loan transactions made by a financial institution to its affiliates is through the bank’s response to Question 15 of the Officer’s Questionnaire. Question 15, states:

List all organizations that are directly or indirectly affiliated with, or otherwise related to, the institution in any way, including fiduciary relationships. Related organizations may be corporations, partnerships, business trusts, or any similar organization. Provide the following information for each listing:

• Name of Affiliate.
• Location.
• Type of business.
• Current balance of all direct and indirect extensions of credit to the affiliate (per Section 23A of the FR Act).
• Current balance of all loans to third parties, where the loans are collateralized with securities issued by the affiliate.

For all 24 examinations we reviewed, the financial institutions provided responses to Question 15 in the Officer’s Questionnaire related to the extensions of credit to affiliates.

Safety and Soundness Examinations: We reviewed the safety and soundness request packages (First Day Letter Requests) for the three DSC regions in our review to determine what information the examiners request from the banks regarding affiliates and affiliate transactions. The following illustrates the information requested in the area of affiliates in the first day letter used by the DRO examiners.

The First Day Letter requests (1) a list of affiliated companies as defined by Section 23A of the Federal Reserve Act and Section 2(b) of the Banking Act of 1933, including names and locations, period of existence, primary business activities, current financial information, nature of affiliation, circumstances under which affiliation arose, bank transactions with affiliates, and deposit accounts and balances maintained at the bank; (2) holding company information – financial statements (FR Y-9), Bank Holding Company Inspection Report, Uniform Bank Holding Company Performance Report, information on holding company debt, directors and officers, list of services provided by the holding company or other affiliates and fees paid, and tax allocation agreement; (3) copies of voting trust agreements for bank stock or bank holding company stock; (4) information regarding subsidiaries of the bank – list of bank subsidiaries, list of officers and directors, and financial statements; and (5) Officer’s Questionnaire.

We reviewed the first day letter requests for the 21 examinations targeted for affiliate work and found that 14 did not include a request for a list of transactions with affiliates.

Federal Reserve Reports: The Related Organizations ED Module includes a procedure for the examiner to review and analyze FRB Holding Company inspection reports. (Note: The primary purpose of the bank holding company inspection is to determine whether the strength of the holding company is being maintained on an ongoing basis and to assess the consequences of transactions between the parent organization, the insured bank subsidiaries, and nonbank affiliates.) RDM 2001-039 also mentions the FRB reports on the holding company. Finally, DSC’s Dallas Regional Office includes in its First Day Letter a request that the bank provide copies of the FR Y-9C Report, Consolidated Financial Statements for Bank Holding Companies.

During the course of our review, we became aware of another FRB report, the FR Y-8 Report, entitled The Bank Holding Company Report of Insured Depository Institutions’ Section 23A Transactions with Affiliates, a quarterly report that collects information on transactions between an insured depository institution and its affiliates that are subject to Section 23A of the FR Act. For purposes of the FR Y-8 Report, an insured depository institution includes all of its subsidiaries, except financial subsidiaries and insured depository institutions that are controlled by a parent insured depository institution. The FRB requires that bank holding companies file a separate FR Y-8 Report for each insured depository institution and submit the report to the appropriate Federal Reserve Bank on a quarterly basis. The FR Y-8 Report requires that all bank holding companies with insured depository institutions that have covered transactions report the aggregate amount of such transactions that are subject to Section 23A requirements. Appendix VII contains the FRB’s general instructions for preparing the FR Y-8 Report.

We discussed the FR Y-8 Report with several EICs and case managers. Most of the interviewees were not familiar with this report. Further, we did not locate copies of the FR Y-8 Reports in the examination workpapers and files that we reviewed for the 16 banks in our sample that were part of bank holding companies regulated by the FRB.

We also identified another FRB report, FR Y-6 Report that might be helpful to examiners and case managers in their examination and monitoring activities related to affiliates. The FR Y-6 Report, entitled Annual Report of Bank Holding Companies, is filed by all top-tier bank holding companies and consists of the requirement to submit SEC form 10-K if the bank holding company is registered with the SEC or an annual report if one is created and sent to shareholders. The FR Y-6 Report also requires the submission of an organizational chart and includes information on the identity, percentage ownership, and business interests of principal shareholders, directors, and executive officers.

The EICs told us that they use resources such as annual reports, SEC filings, and FRB bank holding company inspection reports to help identify affiliates. Sources of information for examiners regarding affiliate transactions consist of the Officer’s Questionnaire, further corroborated through a review of the bank’s financial reports and general ledgers, as well as prior ROEs. The FR Y-6 Report could serve as an additional resource for the examiner in identifying affiliated organizations. Further, the FR Y-8 Report could serve as an additional resource for the examiner in identifying affiliate transactions.

DSC’s approach to identifying affiliates and related transactions is reasonable. However, examiners could benefit by requesting additional information from the financial institutions, especially in the area of affiliate transactions that have taken place since the prior safety and soundness examination. Examiners could also obtain additional information on affiliate transactions and bank holding company structures from FRB reports.

We recommend the Director, DSC:

1. Include a request for a list of affiliate transactions in the Safety and Soundness Examination Request Package when DSC knows or has reason to believe that a financial institution has affiliate activities. In situations where affiliate transaction activity is voluminous, request that for each affiliate, the bank provide the types or categories of affiliate transactions that have occurred since the previous examination and a list of transactions with values greater than a predetermined dollar threshold.
   
   
2. Inform safety and soundness examiners and case managers as to the availability of FR Y-6 and FR Y-8 Reports as additional resources for identifying affiliates and affiliate transactions.

In some instances, DSC examiners could have better documented the examination procedures applied to affiliates and affiliate transactions. In 17 of the 21 financial institution examinations we reviewed where affiliates were targeted during pre-examination planning, the DSC examination workpapers contained sufficient information in the form of the Related Organizations ED Module or summary statements to identify the procedures used in reviewing affiliates activities, and the examiners' methodology in these instances appeared reasonable. However, we could not conclude on the adequacy of procedures applied to affiliates for the four remaining examinations because there was no record in the workpapers of what the examiners had done in this area to review affiliate transactions. As a result, the adequacy of examination procedures of affiliate work in four examinations cannot be determined, and subsequent users of the examination workpapers cannot readily understand the extent of work performed under prior examinations to identify or assess risks associated with affiliate transactions.

DSC uses a risk-focused examination process to target bank examinations on bank functions that pose the greatest risk exposure. The risk-focused examination process attempts to assess an institution's risk by evaluating its processes to identify, measure, monitor and control risk. The risk-focused examination program includes a set of primary and supplemental ED Modules that address the major functional areas of a financial institution. Each module contains a series of examination procedures for examiners to consider when evaluating the financial institution. These procedures are separated into three distinct tiers: Core Analysis, Expanded Analysis, and Impact Analysis. The Core Analysis includes procedures to be considered, but not necessarily performed, at every examination. When significant weaknesses are noted during the Core Analysis, examiners are required to complete the Expanded Analysis procedures for only those areas that present the greatest risk to the institution. If the risks are material, or the activity is not adequately managed, then the examiner is expected to perform the Impact Analysis. (Note: Impact Analysis reviews the impact that deficiencies identified in the Core and Expanded Analysis Decision Factors have on the bank's overall condition. Impact Analysis also directs the examiner to consider possible supervisory options.)

The EIC is responsible for developing an examination program that is commensurate with the level of risk in each functional area, such as an institution's affiliates and affiliate transactions. The effective use of the risk-scoping process gives examiners the flexibility to omit unnecessary procedures in areas that are well controlled or pose minimal risk to the institution. If the pre-examination assessment indicates that a functional area has minimal risk and a stable history, further analysis in unnecessary. The EIC prepares a PEP memorandum documenting this assessment and identifying Targeted Risk Areas. (Note: Areas with more than normal risk, to which the examiner intends to devote additional examination resources.) The examiner performs standard examination procedures for the functional areas that present average or moderate risk. (Note: Standard examination procedures refer to performing the Core ED Analysis or completing similar procedures, which form the basis for conclusions and findings.) The examiner is not expected to complete any supplemental ED module, or similar procedures, unless specifically mentioned in the PEP memorandum. The Related Organization ED Module (examination procedures for affiliates and affiliate transactions) is a supplemental ED module. The examiner's judgement in deciding which examination procedures should be performed and which procedures can be excluded is critical to the success of the FDIC's risk-focused examination program. The examination procedures performed for reviewing affiliates and affiliate transactions should be tailored based on the characteristics of each bank. As a result, the extent to which examination procedures are completed as they relate to affiliates will vary from bank to bank, or even examination to examination.

The DSC recognized that the preparation of examination workpapers is an important part of documenting the examination process and supporting examination conclusions. RDM 2001-039 emphasized the importance of examination workpapers and provided the examiners with greater flexibility in choosing how to best document the examination process findings either through the use of ED Modules or new workpaper guidelines originating from the DSC Process Redesign Project. Although RDM 2001-039 established the discretionary use of ED modules, this guidance encouraged the EIC to use ED modules when appropriate, especially when reviewing specialty areas, and stipulated that the examination documentation should "demonstrate a clear trail of decisions and supporting logic within a given area" and provide written support for the examination and verification procedures performed, conclusions reached, and the narrative comments in the ROE. This examination documentation should include a "Summary Statement" which at a minimum briefly details the procedures used, documents relied upon, and the analysis conducted to support the examiner's conclusions relative to the assigned CAMELS components. Summary Statements can take many forms, including notations on copies of the source documents, separate hand-written comments, use of an ED module, and/or a document prepared electronically with a hard copy maintained in the appropriate workpaper file. The EIC is responsible for determining the extent of documentation used in the examination process. The DSC Manual of Examination Policies, Section 1.1, was updated in February 2002 to incorporate the provisions of RDM 2001-039. In addition, ICRS conducts regional office reviews, including a check of field office reviews, to ensure that the examination and supervision program is operating in accordance with corporate and divisional policies.

Given these workpaper guidelines, we reviewed the examination workpapers that DSC provided us, namely all workpapers for 10 of the 24 examinations and workpapers pertaining to related organizations and affiliates, especially the Related Organizations ED Module, for 14 of the 24 examinations. Seventeen of the 39 different ED modules contained 65 affiliate-related examination procedures to be considered by the examiner as part of core analysis. At the time of our review, the Related Organizations ED Module had 28 core analysis procedures and 8 core analysis decision factors (refer to Table 1 below) that represented the examiner's summary conclusions of the core analysis procedures performed. In the absence of ED Module documentation, we looked for the alternative documentation to evaluate the actual procedures used to identify affiliates and examine affiliate transactions. In doing so, we accepted the judgment and other factors used by the examiners in their determination of what procedures they applied to reviewing affiliate activities.

Source: Related Organizations ED Module

We reviewed 24 examination workpapers covering 10 field offices in three regions (6 in New York, 2 in Dallas, and 4 in San Francisco). In reviewing examination workpapers, we looked for an explanation of the procedures that were used in the form of annotations or checkmarks to the ED Module steps, support for the responses to the core analysis decision factors, or a summary statement that described the steps taken in reviewing affiliate transactions. We found that for 17 of the 21 examinations targeted for affiliates work, the examiners identified the procedures they used in regard to reviewing affiliate activity either in the Related Organizations ED Module or a summary statement related to a review of affiliate transactions. For example, in one of the examinations, the workpapers included responses to the Related Organizations ED Module core analysis decision factors, comments for each of the eight decision factors, and notations to the procedures within the ED Module that the examiners used in their review of activities with affiliates.

However, we could not conclude on the adequacy of examination procedures in the area of affiliate activities for the remaining four examinations because the examination workpapers we reviewed did not specify what procedures the examiners actually performed. In two of the four examinations, the workpapers included answers to the core analysis decision factors but there were no notations to indicate what the examiners did or what documents were relied upon in order to respond to the questions. In one of these two instances, the workpapers included seven summary statements relating to affiliate conclusions reached and assertions of fact and opinion in the ROE, but none of the summary statements provided a summation of the documentation relied upon during the review or briefly detailed the procedures used and analyses conducted to support the conclusions and assertions. In the third instance, the workpapers included two summary statements relating to affiliates, but the summary statements omitted a summation of the documentation relied upon during the review or a brief description of the procedures used and analyses conducted to support the conclusions and assertions. In the fourth instance, the affiliate workpapers did not include a summary statement, Related Organizations ED Module core analysis decision factors, or the ED Module procedures with annotations or checkmarks indicating which procedures were performed and the documents relied upon to reach the examiner's conclusions.

Although we were unable to identify the affiliate-related procedures that the examiners used in these four examinations, we could not determine with certainty that the examiners did not perform the work. Through a review of the workpapers, we were able to determine that examiners collected information in the area of affiliates, as evidenced by source documents contained in the workpapers, such as the Officer’s Questionnaire, bank organization charts, SEC filings, and FRB Bank Holding Company Inspection Reports. However, we could not always determine whether the examiners reviewed or analyzed the information contained in these documents.

Table 2 summarizes the results of our review of 24 examination workpapers and shows the documents that the examiners prepared to identify the examination procedures performed and conclusions reached. Table 2 also shows the number of instances where DSC did not document the procedures performed.

Source: OIG Analysis

During our January 28, 2003 exit conference, DSC management requested that we allow regional and field officials the opportunity to respond to our four identified exceptions. These officials provided detailed written explanations of procedures performed related to affiliates or reasons why procedures were not necessary. However, the regional and field office responses did not provide additional evidence of workpaper documentation of the examination procedures performed.

Current DSC policy recognizes the importance of workpaper documentation. RDM 2001-039 states that examination findings should be documented through a combination of brief summaries, bank source documents, report comments, and other examination workpapers that address both management practices and condition. Examination documentation should demonstrate a clear trail of decisions and supporting logic within a given area. Documentation should provide written support for examination and verification procedures performed and conclusions reached. It should also support the assertions of fact or opinion in the financial schedules and narrative comments in the ROE. The DSC Manual of Examination Policies, Section 1.1, states that all procedures performed during the examination should be sufficiently documented in the workpapers. It is our position that the term "examination findings" would pertain to any conclusion reached, not just negative findings on an exception basis. As such, we would expect that the examiner be required to document the examination procedures performed when reviewing affiliates and affiliate transactions at all times, not just when there is an "exception" reporting of findings. The nature of exception-based reporting only heightens the need for examiners to document examination procedures performed to support conclusions on the risks posed by affiliates and affiliate transactions.

DSC management officials indicated that the four exceptions we noted in the area of documenting procedures posed "…little risk that material affiliate risk is not captured in our [DSC] current [examination] practices." We could not determine and are not expressing an opinion on the increased risk, if any, posed to the adequacy of DSC’s overall examination process by the four documentation exceptions we noted. However, the documentation exceptions we identified were for examinations of large banks having assets greater than $250 million with CAMELS ratings of 2, 3, or 4, and several of these banks were cited for prior affiliate-related violations. Moreover, several bank failures over the past few years have identified affiliate relationships and transactions as factors contributing to their failure. Finally, we observed disparities among regional offices in the manner and level to which examiners document the procedures performed in the area of affiliate activities and affiliate transactions. Accordingly, we are recommending that DSC ensure compliance with documentation requirements associated with reviewing affiliate activity through DSC’s ongoing monitoring of its examination practices. The outcome of such monitoring will be greater assurance that affiliate risk is being adequately identified and evaluated.

We recommend that the Director, DSC:

3. Ensure, through ICRS' Regional Office Review Program and the Field Office Review Program, that examiners are following DSC's policies for documenting affiliate work and the examination procedures used, the documents relied upon, and the analyses conducted in the examination of transactions with affiliates.

The Director, DSC, provided a written response, dated March 21, 2003, to a draft of this report. DSC’s response is presented in its entirety in Appendix IX to this report. We also made changes throughout the report to reflect discussions with and additional correspondence from DSC.

The Corporation partially agreed with recommendation 1. DSC agreed with the intent of the recommendation to include a request for a list of affiliate transactions in the Examination Request Package, but added that this list would not be considered necessary for every exam, and examiners should be provided the flexibility to include items they deem appropriate for the organization being examined. Instead, DSC plans to issue guidance to examiners by June 30, 2003, re-emphasizing that when examiners have reason to believe that a financial institution has affiliate transactions, they should consider whether to include a request for a list of transactions in the Examination Request Package or request appropriate alternatives.

We consider DSC’s proposed action sufficient to resolve this recommendation. However, we would note that our recommendation provided the FDIC flexibility to tailor the affiliates transactions request list based on individual examination needs. Obtaining a list of affiliate transactions, or when the affiliate activity is voluminous, the types or categories of affiliate transactions that have occurred since the previous examination, would serve as an additional resource for examiners in determining that transactions between banks and their affiliates comply with the provisions of applicable laws, and ensuring that the transactions are not detrimental to the safety and soundness of the financial institutions. In the absence of this information, examiners could be missing an opportunity to gain greater assurance that they have identified all affiliate activities before an examination is conducted and properly planned examination coverage to address the associated risks.

DSC fully concurred with recommendations 2 and 3. With respect to recommendation 2, DSC will request that the Interagency ED Module Maintenance Committee revise the Related Organizations Module to include a reference to the availability of the FR Y-6 and FR Y-8 Reports. We suggest that DSC inform examiners and case managers of the existence of these reports while pursuing changes to the ED Module.

With respect to recommendation 3, DSC agreed to add guidance to its Regional Office Review Program to ensure adequate review of examination procedures of affiliate activities. DSC also indicated in its response that it further reviewed the four cases where we could not conclude on the adequacy of examination procedures and concluded that substantial review and analysis of affiliate activities took place in all four examinations.

DSC’s proposed actions are sufficient to resolve each recommendation. However, these recommendations will remain undispositioned and open for reporting purposes until we have determined that agreed-to corrective actions have been completed and are effective.

Appendix X presents a summary chart showing DSC’s responses to our three recommendations.

OBJECTIVE, SCOPE, AND METHODOLOGY

The overall objective of our evaluation was to review DSC’s efforts to identify affiliates of FDIC-supervised institutions and examine transactions with such affiliates. In accomplishing our objective, we reviewed the following areas:

1. The manner in which DSC examiners identify and assess the risks associated with affiliates and affiliate transactions in determining the examination procedures applied to this activity during safety and soundness examinations.
   
   
2. The adequacy of examination procedures actually applied to affiliate activities.

In reviewing these two areas, we addressed the role of the DSC case manager in identifying and monitoring FDIC-supervised institution affiliates and affiliate transactions.

To accomplish our objective, we performed the following work:

• Identified and reviewed the following laws, regulations, policies, and procedures related to the FDIC’s responsibilities in the area of financial institutions’ affiliates and affiliate transactions.

1. Banking Act of 1933, Section 2(b).
2. Federal Reserve Act, Sections 23A and 23B.
3. Bank Holding Company Act of 1956.
4. Federal Deposit Insurance Act, Section 18(j).
5. Division of Supervision and Consumer Protection (DSC) Manual of Examination Policies: Related Organizations, Section 4.3 as of August 1999, and the February 2002 revision that includes the provisions of the Gramm-Leach-Bliley Act (GLBA) which amended many laws governing the affiliation of banks and other financial service providers.
6. DSC Manual of Examination Policies, Basic Examination Concepts and Guidelines, Section 1.1, Coordination of Bank Holding Company Inspections and Subsidiary Institution Examinations.
7. DSC Regional Directors Memorandum 2001-002, Implementation of Functional Regulation Pursuant to the Gramm-Leach-Bliley Act, dated January 10, 2001, Transmittal Number 2001-002.
8. DSC Regional Directors Memorandum 2001-037, Revised Pre-Examination Planning Memoranda, dated September 12, 2001, Transmittal Number 2001-037.
9. DSC Regional Directors Memorandum 2001-039, Guidelines for Examination Workpapers and Discretionary Use of Examination Documentation Modules, dated September 25, 2001, Transmittal Number 2001-039.
10. DSC Regional Directors Memorandum, Revised Report of Examination, dated October 11, 2001, Transmittal 2001-045.
11. Related Organizations Examination Documentation (ED) Module, dated October 2000.
12. ED Module, Risk Scoping Activities, dated August 2001.
13. Procedures related to affiliates that were included in the following ED Modules-Loan Portfolio Management and Review Control; Securities and Derivatives; Other Assets and Liabilities; Earnings; International Banking; Nondeposit Investment Products; Securitization; Trust; Retail Insurance and Securities Sales Activities; Commercial and Industrial Loans; Credit Card Activities; Subprime Lending; Pooled Investment Vehicles Reference; Employee Benefits Reference; Conflicts of Interest; and Reviews of External Auditor Workpapers.
14. FDIC Circular 7000.1, DSC/DRR Information Sharing for Failing Institutions, dated December 3, 1999.
15. FDIC Case Managers Procedures Manual.

• Reviewed Reports of Examination (ROE) for 32 FDIC-supervised financial institutions rated CAMELS 3, 4, and 5 as of December 31, 2001, and having assets over $250 million.
• Reviewed ROEs for FDIC-supervised financial institutions rated CAMELS 1 and 2 and having assets greater than $250 million.
• Selected 24 examinations for review of examination procedures applied to affiliates and related transactions in order to determine the adequacy of procedures used. (Refer to Table 3.)

Source: OIG Analysis

• Using a questionnaire, interviewed Examiners-in-Charge (EIC) or operations manager (OM) responsible for the 24 examinations we reviewed.
• Using a questionnaire, interviewed the case managers (CM) responsible for overseeing the 24 financial institutions in our sample.
• Reviewed examination workpapers, including correspondence files, for the 24 financial institution examinations we selected for review.
• Reviewed the Federal Reserve System Bank Holding Company Supervision Manual provisions that relate to testing of transactions among and between bank holding companies and their bank and nonbank affiliates to determine the extent of transaction testing performed by the Federal Reserve in its inspections of bank holding companies.
• Reviewed the Federal Reserve instructions and guidance for preparing and submitting the FR Y-6 Report, Annual Report of Bank Holding Companies, and FR Y-8 Report, The Bank Holding Company Report of Insured Depository Institutions’ Section 23A Transactions with Affiliates.
• Obtained and analyzed results of financial databases queries made by the OIG’s Office of Investigations to identify the organizational structures for five New York Regional Office-supervised banks and one Dallas Regional Office-supervised bank with CAMELS ratings of 3, 4, and 5 and having assets greater than $250 million.
• Interviewed Federal Reserve officials regarding the availability of FR Y-8 Reports to the FDIC.
• Performed Internet research related to Industrial Loan Companies (ILC) and the applicability of Section 23A and 23B to ILC.
• Reviewed DSC’s training curriculum and On The Job Training (OJT) course outlines for noncommissioned examiners to determine the extent of training in affiliates and affiliate transactions.
• Reviewed the Federal Reserve Board’s notices related to Regulation W. In November 2002, the Federal Reserve Board published a final Regulation W, which combines the Federal Reserve’s statements on Sections 23A and 23B of the FR Act with new elements required by the Gramm-Leach-Bliley Act in a single, comprehensive rule governing transactions between banks and their affiliates. Final Regulation W will have an effective date of April 1, 2003.

We gained an understanding of DSC’s system of internal control by reviewing the policies and procedures for identifying and reviewing financial institutions affiliates and related transactions and the examiners' implementation of those policies and procedures as they apply to affiliates. We did not test internal controls over these processes. Further, we did not (1) test for fraud or illegal acts, (2) test for compliance with laws and regulations, or (3) determine the reliability of computer-processed data obtained from the FDIC’s computerized system. We limited our review of Government Performance and Results Act reporting to reviewing the FDIC 2001 to 2006 Strategic Plan to identify any goals related to affiliates.

We performed fieldwork in DSC headquarters; Dallas, New York, and San Francisco Regional Office; and Baltimore, Dallas, Orange, Portland, Salt Lake City and San Francisco Field Offices. We conducted our evaluation from June 2002 through January 2003, in accordance with generally accepted government auditing standards. We discussed the results of our evaluation with DSC management at an exit conference held on January 28, 2003.

Four major types of affiliates are defined in Section 23A and these are discussed in the following paragraphs.

The first category pertains to a parent holding company and its subsidiaries. Any company that controls the bank (holding company) as well as any other company that is controlled by the company controlling the bank (sister subsidiary) is considered to be an affiliate of the bank under Section 23A. "Control" is defined as owning, controlling, or having the power to vote (directly or indirectly) 25 percent or more of any class of voting securities; or controlling in any manner the election of a majority of the directors or trustees. The term "company" means a corporation, partnership, business trust, association, or similar organization. These definitions are very similar, although not identical, to the definitions of "control" and "company" used in the Bank Holding Company Act. It is therefore possible to have a holding company-subsidiary relationship under the Bank Holding Company Act which is not an affiliate relationship for the purposes of Section 23A. Control relationships existing in certain types of trusts are an example.

Section 23A grants an important exemption with respect to domestic banks which are affiliated under this definition. When a bank is 80 percent controlled by a holding company, its transactions with other banks which are also 80 percent controlled by the same holding company are largely unrestricted. The only restrictions which do apply are the general prohibitions against a bank purchasing low-quality assets from its affiliates (refer to "Restrictions on Covered Transactions With Affiliates" below for a definition of "low quality asset"), and a requirement that all transactions be consistent with safe and sound banking practices. All restrictions and limitations set forth in Section 23A are, however, applicable to transactions by a bank with its parent holding company, its non- bank subsidiaries, and its bank subsidiaries which do not meet the 80 percent exemption. They also apply to an affiliated foreign bank even where the 80 percent test is met. The rationale for the 80 percent ownership test is that it is the minimum ownership generally required for the preparation of consolidated Federal income tax returns.

The second category consists of bank subsidiaries of a bank. A domestic bank, which is controlled by another bank, is an affiliate of the controlling institution for the purposes of Section 23A. Where such bank is, however, 80 percent controlled, it is granted the same exemption described above relative to sister bank affiliates in a holding company organization. Thus, the treatment of domestic bank affiliates is consistent whether the bank is affiliated through a holding company or by virtue of direct ownership or control.

A different situation exists with respect to non- bank and foreign bank subsidiaries. Directly owned subsidiaries of this type, whether majority or minority owned, are excluded from the definition of an affiliate for the purposes of Section 23A. This is in contrast to the treatment of such firms when they are holding company subsidiaries. (As noted above, non-bank and foreign bank subsidiaries of a holding company are affiliates and are subject to the restrictions of Section 23A). The rationale for this contrast in treatment is that non-bank subsidiaries, when majority owned by a bank, are really an integral part of the bank and transactions between the two should not normally be restricted. With respect to minority owned nonbank subsidiaries, it is noted that most banks are restricted in their ability to own stock and several of the more common types of non-bank subsidiaries (such as bank premises and safe deposit companies) are specifically exempted anyway. While this rationale serves to mitigate concern for transactions with non-bank subsidiaries in many instances, situations may arise where a bank can be exposed to undo risk. For instance, in some states banks may be able to conduct types of businesses through a non-bank subsidiary which would be prohibited to the bank itself. While the bank's investment in such a company may be limited, there may be no restriction on the amount of loans which could be made to the affiliate to fund its operations. Where evidence exists that a particular non-bank subsidiary should be brought under the restrictions of Section 23A, this can be accomplished by specific order or regulation. Any such recommendation should be forwarded to the Regional Office accompanied by supporting information.

The third category of affiliates may be referred to as companies interlocked with a banking organization. Any company which is interlocked with a bank or its holding company by virtue of common ownership or common directors is an affiliate of the bank for the purposes of Section 23A. Such interlocks will arise any time that (1) 25 percent or more of a company is owned, directly or indirectly, by or for the benefit of shareholders who have a direct or indirect ownership of 25 percent or more in either the bank or its parent holding company; or (2) a majority of a company's board of directors also comprise a majority of the board of the bank or its parent holding company. This definition may frequently be applicable to chains of one-bank holding companies which are interlocked by ownership or board membership at the holding company level. Under this definition both the chain of holding companies and their subsidiary banks will be affiliates of a bank under examination if either of the above relevant criteria are met.

The final category is comprised of sponsored and advised affiliates. For the purposes of Section 23A, a company which is sponsored and advised on a contractual basis by a bank, or by any of the bank's subsidiaries or affiliates, is an affiliate of the bank. Real estate investment trusts are an example of this type of affiliation.

Any investment company which a bank or any of its subsidiaries or affiliates serves as an investment advisor is an affiliate of the bank. An investment advisor is basically one who, pursuant to a contract, regularly furnishes advice with respect to the desirability of investing in, purchasing or selling securities, or is empowered to determine what securities shall be purchased or sold by the investment company. The rationale for the inclusion of these two types of affiliations is that banks may, in order to protect their reputation or to forestall lawsuits alleging that bad advice was given, engage in less than arms length transactions. By according the provisions of Section 23A to such situations, a bank's potential exposure to loss can be controlled.

Examiners should evaluate the above-captioned function against the following control and performance standards. The Standards represent control and performance objectives that should be implemented to help ensure the bank operates in a safe and sound manner, and that the entity’s objectives are carried out. Associated Risks represent potential threats to the bank if the standards are not achieved and maintained. The Standards are intended to assist examiners in analyzing important functions that may warrant additional review. All of the following Standards may NOT need to be considered at every bank. Conversely, these do NOT represent all of the control and performance standards needed for every bank. Examiners should continue to use their judgement when assessing risk.

Core Analysis Decision Factors

Examiners should evaluate Core Analysis in this section for significance and to determine if an Expanded Analysis is necessary. Negative responses to Core Analysis Decision Factors may not require proceeding to the Expanded Analysis. Conversely, positive responses to Core Analysis Decision factors do not preclude examiners from proceeding to the Expanded Analysis if deemed appropriate.

C.1. Are bank policies and procedures adequate for the level of transactions among the holding company, affiliates, and subsidiaries?

C.2. Are internal controls adequate?

C.3. Are the audit or independent review functions adequate?

C.4. Are information and communication systems adequate and accurate?

C.5. Are bank affiliates able to operate without threatening the financial condition of the bank and are separated appropriately?

C.6. Do transactions comply with the appropriate Federal and state laws and regulations?

C.7. Are all affiliated organizations appropriately capitalized?

C.8. Do the board and senior management effectively supervise this area?

Expanded Analysis Decision Factors

This section evaluates the significance and materiality of deficiencies or other specific concerns identified in the Core and Expanded Analyses.

E.1. Are deficiencies immaterial to management’s supervision of transactions with related organizations?

E.2. Are deficiencies immaterial to the bank’s financial condition?

Core Analysis

Consider the following procedures at each examination. Examiners are encouraged to exclude items deemed unnecessary. This procedural analysis does not represent every possible action to be taken during an examination. The references are not intended to be all-inclusive and additional guidance may exist. Many of these procedures will address more than one of the standards and Associated Risks. For the examination process to be successful, examiners must maintain open communication with bank management and discuss relevant concerns as they arise.

1 Review prior examination reports, pre-examination memorandum, and file correspondence for an overview of any previously identified criticisms. Pay particular attention to Federal Reserve HG inspection reports.

2 Review the most recent external and internal audits to determine scope, criticisms, and recommendations with the Holding Company (HG), affiliates, and bank subsidiaries.

3 Identify relationships with holding companies, other affiliates and subsidiaries. Review possible ownership ties for affiliates not identified by the institution.

4 Examine the corporals structure surrounding the bank and identify affiliate transactions. Pay particular attention to the following items:

4 A Policies established concerning tax sharing arrangements and various transactions between related organizations.

4 B Listing of affiliated transactions from the pre-examination information.

4 C Principal shareholder, director, and executive officer information.

4 E Fixed asset subsidiaries or affiliates.

4 F Multiple relationships with customers. (e.g., bank lends to a company, an affiliate underwrites its securities or sells securities of the company to its bank customers.)

5 Review the holding company and the bank’s corporate structure for the possibility of a chain banking group. Note: A chain banking group is a group (two or more) of banks or savings associations or their holding companies which are controlled directly or indirectly by an individual or company acting alone or through or in concert with any other individual or company.

6 Review, to the extent possible, other Federal and state examination reports of the banks within a chain banking group for mutually-shared risks. Consider the following items:

6 A Size and complexity of the organizations.

6 B Overall condition of the institutions in the chain.

6 C Extent of loan participation among institutions in the chain.

6 D Degree of interdependence among institutions,

6 E Common deficiencies in lending and investment policies.

6 F Possible insider abuse.

6 G Shared management.

6 H Degree and nature of control being exerted over individual institutions (absentee ownership).

7 Determine if policies appropriately address relationships and transactions with related organizations.

8 Determine if formal and informal employee sharing agreements are appropriate and dual employees’ work allocation conforms to the agreement.

9 Determine the bank’s methods for identifying transactions subject to Section 23A and 238 of the Federal Reserve Act. Determine if these methods adequately identify such transactions. Consider the following information:

9 A Internal reports (Management should document any covered transactions with affiliates).

9 B Loan records.

9 D Deposit accounts.

9 E Accounts payable and receivable.

9 F Board minutes.

9 G Discussions with management (e.g., Does management understand what services its affiliates provide?).

10 Determine the volume and frequency of inter-institution transactions such as loan participations or sales, purchase or sales of securities or other assets, bank stock loans, insider transactions and contractual obligations for services. Review these for possible noncompliance or abusive activities. Consider the following items:

10 A Loan quality asset prohibition.

10 B Collectibility of receivables.

10 C Collateral requirements for covered transactions.

10 D Advertising restrictions.

10 E Fixed asset arrangements.

11 Review any formal or informal agreements regarding covered transactions. Determine if management adequately documents and supports the cost, fee structure, and quality of services.

12 Determine the bank’s compliance with any outstanding conditions of an approved order or commitment issued by the regulator.

13 Determine if the independent review provides sufficient coverage relative to the institution’s size, scope of related organization activities, and risk profile. The independent review should:

13 A Recommend corrective action, when warranted.

13 B Verify that corrective action commitments have been implemented.

13 C Assess separation of duties, internal controls, and supervision of related organization activities.

13 D Determine compliance with policies, procedures, and regulatory requirements.

13 E Assess the adequacy, accuracy, and timeliness of reports to senior management and the board.

14 Determine that results are reported to the board or designated committee on a timely basis.

15 Determine if management’s responses to recent audits or independent reviews are reasonable.

16 Determine if management reports provide sufficient information relative to the size and risk profile of the organization and evaluate the accuracy and timeliness of the reports.

17 Confirm the level of bank ownership by the holding company.

18 Review the stockholders listing and most recent proxy statements of the holding company. Note those ownership or control levels that satisfy the definition of control.

19 Review and analyze the holding company’s financial information, such as 10-K, 10-Q, UBHCR and BOPFC rating. Internal financial statements, annual reports, the officer’s questionnaire, and the holding company’s inspection report. Consider the following items in the review:

19 A Origin of long-term debt, short-term debt, unamortizing debt, and the level of pressure exerted on the bank subsidiary to upstream dividends.

19 B Level of holding company borrowing used to provide equity contributions to the subsidiary bank (double leverage).

19 C Sources of income. Pay particular attention to management fees paid by the bank outside the dividends upstreamed.

19 D The holding company’s ability to attract funds.

19 E Holding company transactions between subsidiaries.

19 F Income tax payments if tax return is filed on a consolidated basis. (Refer to the FDIC Statement of Policy, Income Tax Remittance by Banks to Holding Company Affiliates.)

19 G Deposit relationships maintained at the bank.

19 H Merchant banking or other activities at the holding company that may impact credit decisions at the bank level.

20 Review the management structure and programs of the holding company and its subsidiaries and determine the impact on the institution. Consider the following issues:

20 A Level of centralized control by the holding company over bank subsidiaries.

20 B Expertise that is available to the bank subsidiary.

20 C Training programs.

20 D Movement of officers between the bank, holding company, and affiliates. Note any unfilled positions within the bank subsidiary.

20 E Bank management time allocated to holding company activities versus bank business.

20 F Management contracts with holding company and bank subsidiaries and all supporting documentation.

20 G Applicability of Regulation 0.

21 Determine that management and other fees paid by the bank have a direct relationship to the value of the actual goods and services rendered based on reasonable costs consistent with current market values for such goods and services.

22 Review any mortgage banking activity and servicing contracts with affiliates, if applicable. Pay particular attention to the following concerns:

22 A The capacity in which the affiliate is acting. (Acting as principal on the behalf of or as agent for the affiliate bank.)

22 B The nature of the services provided.

22 C The transfer of low quality assets.

22 D The adherence to regulatory requirements for mortgage servicing rights.

22 E The billing arrangement, frequency of billing, method of computation, and the basis for fees.

22 F The method for compensating the bank for balances maintained and net interest earned on warehouse loans and lines. This method should not be preferential.

22 G The pricing of loan and servicing right sales.

23 Analyze the subsidiaries’ financial information, operating policies, and any activities and determine if they may be detrimental to the institution’s financial position. Consider the following items:

23 A Quality of assets.

23 B Funding needs.

23 C Fees received from the bank.

23 D Salary structure of subsidiary’s officers and shared officers.

23 E Financial condition of the subsidiaries.

24 Confirm that the bank’s loan agreements do not restrict a borrower from obtaining credit, property, or service from a direct competitor of the holding company, holding company’s subsidiaries, or bank’s subsidiaries as a condition of credit (Anti-tying provision of the BHC Act). (Note: The provision is not intended to restrict the bank’s ability to impose debt limitations on borrowers.)

25 Assess whether bank customers who purchased financial products of affiliated organizations have been notified of the affiliate relationship.

28 Determine if the subsidiaries’ activities are permissible and comply with appropriate Federal and state laws and regulations.

27 Assess the adequacy of corporate, management, and physical separations that exist between the bank and affiliated organizations.

28 Determine if affiliates are in compliance with the capital requirements of their functional regulator.

Expanded Analysis

Generally, procedures used in the Expanded Analysis should target concerns identified in the Core Analysis and Decision Factors. Expanded procedures associated with Core Analysis and Decision Factors of no concern need not be used. The flexible guidelines specified for the Core Analysis also apply here.

1 Investigate why the policy and procedure deficiencies identified in the Core Analysis exist. Possible reasons for policy deficiencies may include the following circumstances:

1 A Management overlooked these issues.

1 B Management is unfamiliar with prudent related organization guidelines and procedures.

1 C Management is unwilling to create or enhance policies and procedures.

2 If poor compliance with policies and procedures exist, determine the reasons. Possible reasons are detailed below:

2 A Lack of awareness of policy existence.

2 B Disregard for established policies.

2 C Misunderstanding of the intent of policy guidelines.

2 D Poor internal communication of policy and procedures or subsequent revisions.

3 Determine if management commits to and supports proper controls and monitoring to ensure policy guidelines are followed in the future. Determine if proposed controls are reasonable.

4 Determine the effect on the bank of inappropriate employee allocation agreements or nonconformance with the agreement.

5 Determine if reimbursements are necessary for improper transactions.

6 Determine if the affiliate’s or subsidiary’s financial position will require additional funding requirements. Identify the source of the additional funding and the effect on the bank.

7 Determine the cause of violations or contraventions of FDIC statements of policies and identify responsible parties. Consider the following items:

7 A Unfamiliarity with laws, regulations, or statement of policies.

7 B Negligence.

7 C Misinterpretation of statutory or regulatory requirements or prohibitions.

7 D Willful noncompliance.

8 If the bank is critically undercapitalized (Under PCA), determine if the bank has engaged in any covered transaction as defined in section 23A, without the prior approval of the FDIC or FRS.

Impact Analysis

Impact Analysis reviews the impact that deficiencies identified In the Core and Expanded Analysis and Decision Factors have on the bank’s overall condition. Impact Analysis also directs the examiner to consider possible supervisory options.

1 Determine if the risks associated with affiliated relationships pose a material threat to the institution’s capital, asset quality, earnings, and liquidity. Assess the future impact on the institution if these deficiencies continue.

2 Determine if management quickly and effectively reduce the risks associated with affiliated relationships.

3 Determine if administrative and enforcement actions, Civil Money Penalties, or removal actions are necessary. Formulate specific recommendations, and advise the appropriate supervisory officials on the nature of the concerns. (FDIC: Field Office Supervisor and the Regional Office.)

4 Discuss the possibility of administrative and enforcement actions with executive management and the board of directors.

TO: Regional Directors

FROM: Michael J. Zamorski Acting Director

SUBJECT: Guidelines for Examination Workpapers and Discretionary Use of Examination Documentation Modules

1. Purpose: To issue examination workpaper guidelines and establish the discretionary use of the Examination Documentation (ED) Modules. The information contained in this memorandum encompasses the implementation guidelines for